Re: Trust over NAT




domain 1 is a 10.1. network
domain 2 is a 172.31 network

both domains are NATed to each other where
domain 1 is 10.250.13.1
domain 2 is 10.202.13.1

I'm domain 1

In my DNS I put a forward lookup zone for
domain2.com
there is an A record for domain2.com at 10.202.13.1
there is also an A record for the DC at 10.202.13.1

I can ping domain2.com and it replies with 10.202.13.1
also nslookup on domain2.com replies with 10.202.13.1


"Fiso" <fiso@xxxxxxxxxxx> wrote in message
news:%23n6zz1%23ZGHA.440@xxxxxxxxxxxxxxxxxxxxxxx
Hi

I changed DNS so I have a new primary forward zone with the external
domain name
I added a record for the domain name
I can ping the domain name and it uses the NAT address and replies back
no problem.


NAT address should be public not internal....
You added a record for the domain name? What record?
Is the Public address replying to you?

If you use nslookup domain.com
What address is listed?

Please give more info about both of your domain configurations.

domain1.com, domain2.com, ip address, Dns configuration, etc.




--
Best Regards
Systems Administrator
MCSA + Exchange



"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:eQJCeD%23ZGHA.3684@xxxxxxxxxxxxxxxxxxxxxxx
I changed DNS so I have a new primary forward zone with the external
domain name
I added a record for the domain name
I can ping the domain name and it uses the NAT address and replies back
no problem.


"Jmnts" <jmnts@xxxxxxxxxxx> wrote in message
news:%23NhCc29ZGHA.1352@xxxxxxxxxxxxxxxxxxxxxxx
Hi
- This will never work. I must use the real DNS IP address; the servers
must be able to reach each other's DNS.
- Of course if you have both forests in the same subnet address the requests
won't leave the local subnet. So the forests must be connected to the
same switch/hub or must be in different subnets in order for the router
to forward the requests.
- Your NAT device is responding to ICMP requests?? (Enable FW on the NAT
device)


--
Best Regards
Systems Administrator
MCSA + Exchange



"John M" <sdkfj@xxxxxxxxxxxxx> wrote in message
news:u6Wyzi6ZGHA.504@xxxxxxxxxxxxxxxxxxxxxxx
I'm trying to set up a trust between two separate forests over a VPN
connection. There are conflicts with the private addresses being used at
each site, so we're using NAT to change the private address to something
we can both use.
I added the external domain name to my DNS forwarder list with the NAT
IP address. Problem is that if I try to ping the external domain it
comes back with the real IP address and not the NAT address. So when I
set up the trust and put in the external domain name it fails.

anyone have any ideas for me?
thanks
John








